
One feature of Windows is defaulting to not showing messy complexity to the user. The other feature is defaulting to backward compatibility. Combined, this means that Windows often has more than two data stores for some aggregate feature [e.g. web browser security, software configuration etc.] as new versions of Windows implement these features in more robust ways.

So yeah there are two or more places where certificates are stored. Typical users only care about the abstraction of web security so that's what Windows surfaces. Application developers should choose the new store for new applications. Existing applications can use the old method. System administrators and security consultants should make themselves familiar with all the documentation and double their rates.

Bloggers, however, are still free to write linkbait headlines using the Windows bashing meme.




The problem with your argument is that this is an administrative GUI that isn't even normally presented to end users unless you search for it or know how MMC snap-ins work. It is a power-user interface by all measures.

And while Microsoft does simplify UIs for end users, they don't typically do the same for administrative content (just look at anything in the Admin Tools, or MMC snap-ins, no sugar coating there).

Your argument about backwards compatibility is at best confusing. What do the data stores utilised have to do with UI representations of the same? I can name numerous examples where things changed behind the scenes and the UI was just updated to support it (e.g. Disk Manager now supports ESP and exFAT, same UI; ConHost now supports PowerShell, same UI; Defrag now supports Trim for SSDs, same UI; etc.).

> So yeah there are two or more places where certificates are stored. Typical users only care about the abstraction of web security so that's what Windows surfaces.

No, it doesn't. As the blogpost clearly shows it doesn't "surface" all root CAs usable by websites.

> Application developers should choose the new store for new applications. Existing applications can use the old method.

Huh? What do application developers have to do with this? I don't see the connection. This isn't talking about the custom root CAs you may install, it is talking about Microsoft's list of preinstalled ones.

> System administrators and security consultants should make themselves familiar with all the documentation and double their rates.

Please link to the documentation about this on Microsoft's site.

> Bloggers, however, are still free to write linkbait headlines using the Windows bashing meme.

Aside from the word "lying" (which is emotive), the title is largely accurate. Windows does mislead about installed trusted root CAs. And nothing you've said in this apologist answer has come close to addressing that, you're just dancing around it.



Please don't call commenters "apologists" on HN.


While I agree that UnoriginalGuy's post could have been phrased in a more neutral manner, the post he was replying to referred to the article as "linkbait" based on a "Windows bashing meme." Is that a neutral phrasing? Given that the article was revealing new information to most of the people here, I strongly disagree that the article is "linkbait."

I think you are personalizing the debate in exactly the way you are supposedly trying to avoid. Let's debate the facts, not hurt feelings. Nobody has been rude here (at least in the few posts I read). There is nothing wrong with calling someone an apologist, as long as it is done in a respectful way and not just to get a rise out of someone. We don't need to shrink the space for debate here any more than it already has been.


Totally fair point. I'm not invested in the debate so much as the word "apologist" sets me off.


How could that word possibly set you off? It's a common word in the English language, and couldn't possibly be offensive by any stretch of the word.

> a person who offers an argument in defense of something controversial.

Is it just me, or are the majority of online communities that I visit becoming overrun with people that get offended by the slightest amount of bold or confrontational behavior?


There really aren't many respectful ways to call someone an apologist or to say someone writes linkbait. There is the Windows bashing meme (I, personally, don't like Windows very much) but this article has shown an interesting fact about Windows management UIs that, probably, Microsoft should rework a bit. And then there are the triggers brudgers and tptacek mentioned. We are human and fallible and we should keep that in mind as much as humanly possible.


The "linkbait" comment reflects one of my triggers and the way in which writing on mobile may correlate with lower quality output on my part. As originally posted the line had both "linkbait" and "amateur hour". If I'd been sitting at a keyboard rather than touch screen, I might have written something more constructive. The rhythm is better, editing is easier, and input is not so painful that I am looking for an ending after a couple of paragraphs.

Objectively speaking, there is pretty strong evidence to support a belief that a "Windows bashing meme" exists to the extent that any meme can exist. Apple spent most of a decade and several billion dollars on buying over the air advertising for its "I'm a PC campaign"; it's so socially acceptable to bash Windows that PG hisself engaged in it for many years; and a lynchpin of Silicon Valley mythology is Netscape got hosed even though it unicorn exited at about $10 Billion, Marc Andreessen's minority stake was enough to make him a VC and Jim Clark bought a gridiron football field length yacht.

It's not that I'm opposed to over-enthusiastic headlines, well written headlines should capture the reader's attention to the point that they click. What makes it "linkbait" to me is that it panders toward confirmation bias rather than encouraging curiosity: it's us-versus-them tech gossip of the sort that tends not to make people smarter. I often wonder about unicorns not seen because of YC's historical attitude toward Windows [e.g. the days when a tock processor announcement for the mid-year Macbook dominated the HN frontpage for a day or two].

As to the other topic, one form low quality HN comments [1] take is what I call "the internet pick apart". Break a post down into many sound-bites. Cast each into an unfavorable context. Then arbitrarily argue against each sound bite. The goal is to broaden the flame war across many fronts without creating a concentrated target for coherent rebuttal. The pattern is to apply it recursively to each successive defence by the victim. The sport is to keep the target spinning [there are extra points for reintroducing sound-bites from higher in the thread].

That said, a comment that literally begins with the string "The problem with you" probably isn't intended to produce constructive dialog. Pig lipsticking it with "r argument" doesn't change the purpose. Credit where credit is due, at least the comment works its way up to the pick apart rather than down to the problem with me.

Anyway, whenever I find myself writing or saying "you" in a conversation I try to stop and try to rephrase. It's loaded. When I read comments that use "you" it's usually the rest of the internet seeping into HN. The exception is things like "You can safely assume that I didn't write this on mobile."

[1]: On the other hand, the internet pick apart and other forms of flaming and trolling and pointless arguing constitute some of the highest quality writing on the internet in general. Trolling and flaming are successful because they are writing for an audience and for entertainment and for the sheer joy of writing...or at least it was for me.


I did not:

> And nothing you've said in this apologist answer has come close to addressing that, you're just dancing around it.

I said the answer was apologist, not the individual.

I myself post apologist answers all the time (justifications for controversial positions), but I don't consider myself an apologist broadly speaking. I also don't presume that the above poster is an "apologist" even if I do consider this singular post "apologist" in nature.


"Apologist" is a word for a person. Perhaps you were looking for "apologetic"? (Though given that an apologist is someone who practices apologetics, it still seems like a hazy distinction.)


In English, nouns can be used as adjectives. e.g. School bus, ticket office, computer mouse, apologist answer.

"Apologetic" has connotations of regret. I think this confusion might lead some people to take "apologist" as a derogatory or inflammatory word, when it shouldn't be.

https://en.wikipedia.org/wiki/Christian_apologetics https://en.wikipedia.org/wiki/Apologia


When you use a noun referring to a person to modify another noun, it will generally be taken to mean "belonging or related to such a person." For example, "school teacher salaries" means salaries belonging to school teachers. Similarly, the phrase "apologist comment" naturally reads as "a comment belonging to an apologist."

And I don't think it's the connotations of regret that lend the term "apologist" its negative connotations. The negative connotation of that word is the implication that you are bound and determined to defend some position and will not be moved — stemming from its roots of defending literal dogma. People take it to mean a sort of closed-minded, blind tribalism.

At any rate, if you don't trust your audience to read "apologetic" in the proper sense, I certainly wouldn't hold out much hope for a neutral reading of "apologist."


This is the least useful conversation I have seen all day.


It's an objective term (a defender of something controversial), unlike "linkbait" or "bashing" for example.


It may have an objective definition but I don't think I've ever heard it used in a way that didn't have a connotation like this from chc:

"The negative connotation of that word is the implication that you are bound and determined to defend some position and will not be moved — stemming from its roots of defending literal dogma. People take it to mean a sort of closed-minded, blind tribalism."


I never knew apologists had a negative connotation. What is the concern with apologists?


The dictionary definition of apologist is "a person who offers an argument in defense of something controversial", and is usually used in such contexts as "Hitler apologists" or the like. From there stems tptacek's reaction to someone using the term in a way that implies disparagement.


It doesn't. People like to be offended by things these days.


I flagged it for what it's worth.


How is a partial list of root certificates less messy than a full list?


"Typical users only care about the abstraction of web security so that's what Windows surfaces."

Typical users do not open certmgr.msc


People that understand what certmgr.msc does (or should do) would immediately realize that it's not telling the full story.


I'm not a web developer, I am not intimately familiar with the intricate details of SSL, and yet I understand what a root store is and how it works. I have used certmgr.msc in the past, understanding that it should show me the certificates trusted by the system -- no more, no less. I did not immediately realize that it was not showing me all the certs my system trusts and I would like to know how I could have immediately realized that without knowing all the major CAs and the names of their root certs off the back of my hand.

Perhaps that could be written off as my failing in not knowing what certmgr.msc "should do", but Windows certainly does not make it very clear and I think it's reasonable for an average power user to assume that it shows all the trusted certs on the system, and not part.


It's more than reasonable. You would have to not only know what certmgr is and what it does, but also what it SHOULD be doing in order to know it wasn't doing it.

That would require specific knowledge about the CA ecosystem and who is trusted. Hardly anyone knows that.



